Microsoft discloses AutoJack, an exploit chain that hijacks AutoGen Studio AI agents via malicious webpages. A single URL visit triggers arbitrary code execution on the host machine.
Prinz Eugen ransomware prioritizes recently modified files for encryption, maximizing business disruption. Learn how this Go-based threat works and who's at risk.
Spyder and MaXSS vulnerabilities in popular AI browser extensions allow full session hijacking. Exploitation requires only visiting a malicious webpage.
Symantec reveals ransomware group used Teams TURN relay infrastructure to mask command-and-control. First documented abuse of Teams relay for malware C2.
Texas Parks & Wildlife discloses third-party breach affecting 3 million fishing and hunting license holders. Driver's licenses, passports exposed.
CVE-2025-20701 lets attackers hijack unpaired Beats, Sony, JBL earbuds to eavesdrop via microphone. CVSS 8.8 flaw affects 29 products from 10 brands.
ESET unmasks GentleKiller, an 8-variant EDR killer framework targeting 400+ security processes. The gang ships updates to affiliates like a software vendor.
CVE-2026-20266 in Splunk AI Toolkit allows authenticated admins to execute arbitrary OS commands. CVSS 9.1 flaw affects versions below 5.7.4—upgrade or uninstall immediately.
Attackers exploited a compromised Klue Battlecards integration to steal Salesforce CRM data from enterprises including Huntress. Salesforce has disabled the app connection.
Microsoft warns of CryptoBandits campaign spreading clipboard-hijacking malware through USB drives. The worm uses Tor C2, steals seed phrases, and replaces wallet addresses mid-transaction.
Learn about ransomware, phishing, malware, and essential online safety practices.
Curated books, tools, and resources to deepen your cybersecurity knowledge.
Get the latest cybersecurity news delivered to your inbox.